Subject: Re: http://thesource.ofallevil.com/hmmm
From: Mike Tibor (tibor@lib.uaa.alaska.edu)
Date: Fri Sep 13 2002 - 13:50:55 AKDT
On Fri, 13 Sep 2002, Tim Johnson wrote:
>
> * W.D.McKinney <deem@wdm.com> [020913 11:06]:
> >
> > Spoofing dns like this happens frequently. MS is especially a target.
> > I have seen many of these and whois database should not be your confirmation.
> > You had better get up to speed :-)
>
> Nows your chance. Enlighten, then I'll be up to speed.
> thnx
There actually isn't any spoofing going on here at all. Someone just
registered a domain, and setup an A record pointing to the IP address of
www.microsoft.com:
shatner:/usr/home/tibor$ host thesource.ofallevil.com
thesource.ofallevil.com is a nickname for source.ofallevil.com
source.ofallevil.com has address 207.46.230.219
shatner:/usr/home/tibor$ host 207.46.230.219
219.230.46.207.IN-ADDR.ARPA domain name pointer microsoft.com
219.230.46.207.IN-ADDR.ARPA domain name pointer microsoft.net
219.230.46.207.IN-ADDR.ARPA domain name pointer
www.international.microsoft.com
219.230.46.207.IN-ADDR.ARPA domain name pointer www.us.microsoft.com
shatner:/usr/home/tibor$ whois ofallevil.com
[...]
Of All Evil
Hades
Hell, on Earth
CA
Domain Name: OFALLEVIL.COM
Administrative Contact:
Evil One no@such---address.org
Of All Evil
Hades
Hell, on Earth
CA
Phone:
Fax:
Technical Contact:
Robert Mudryk rmudryk@YAHOO.COM
lasers.org
990 Dominion Dr.
Westlake, OH 44145
US
Phone: 440 871-1223
Fax: (440) 871-9284
Record updated on 2002-06-06 22:54:03
Record created on 2002-06-05
Record expires on 2003-06-05
Database last updated on 2002-09-13 17:47:20 EST
Domain servers in listed order:
AUTH00.LASERS.ORG 63.95.171.235
AUTH01.LASERS.ORG 209.143.62.11
Register your domain name at http://www.bulkregister.com
Mike
-- Mike Tibor Univ. of Alaska Anchorage (907) 786-1001 voice Network Technician Consortium Library (907) 786-6050 fax tibor@lib.uaa.alaska.edu http://www.lib.uaa.alaska.edu/~tibor/ http://www.lib.uaa.alaska.edu/~tibor/pgpkey for PGP public key--------- To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe' in the message body.
This archive was generated by hypermail 2a23 : Fri Sep 13 2002 - 13:50:59 AKDT